Patch "Bluetooth: qca: fix NULL-deref on non-serdev setup" has been added to the 6.6-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Mon, 29 Apr 2024 13:56:10 +0200

This is a note to let you know that I've just added the patch titled

    Bluetooth: qca: fix NULL-deref on non-serdev setup

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     bluetooth-qca-fix-null-deref-on-non-serdev-setup.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86 Mon Sep 17 00:00:00 2001
From: Johan Hovold <johan+linaro@xxxxxxxxxx>
Date: Mon, 22 Apr 2024 15:57:48 +0200
Subject: Bluetooth: qca: fix NULL-deref on non-serdev setup

From: Johan Hovold <johan+linaro@xxxxxxxxxx>

commit 7ddb9de6af0f1c71147785b12fd7c8ec3f06cc86 upstream.

Qualcomm ROME controllers can be registered from the Bluetooth line
discipline and in this case the HCI UART serdev pointer is NULL.

Add the missing sanity check to prevent a NULL-pointer dereference when
setup() is called for a non-serdev controller.

Fixes: e9b3e5b8c657 ("Bluetooth: hci_qca: only assign wakeup with serial port support")
Cc: stable@xxxxxxxxxxxxxxx      # 6.2
Cc: Zhengping Jiang <jiangzp@xxxxxxxxxx>
Signed-off-by: Johan Hovold <johan+linaro@xxxxxxxxxx>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/bluetooth/hci_qca.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -1938,8 +1938,10 @@ retry:
 		qca_debugfs_init(hdev);
 		hu->hdev->hw_error = qca_hw_error;
 		hu->hdev->cmd_timeout = qca_cmd_timeout;
-		if (device_can_wakeup(hu->serdev->ctrl->dev.parent))
-			hu->hdev->wakeup = qca_wakeup;
+		if (hu->serdev) {
+			if (device_can_wakeup(hu->serdev->ctrl->dev.parent))
+				hu->hdev->wakeup = qca_wakeup;
+		}
 	} else if (ret == -ENOENT) {
 		/* No patch/nvm-config found, run with original fw/config */
 		set_bit(QCA_ROM_FW, &qca->flags);


Patches currently in stable-queue which might be from johan+linaro@xxxxxxxxxx are

queue-6.6/bluetooth-qca-fix-null-deref-on-non-serdev-suspend.patch
queue-6.6/bluetooth-qca-fix-null-deref-on-non-serdev-setup.patch
queue-6.6/arm64-dts-qcom-sc8280xp-add-missing-pcie-minimum-opp.patch







